Remove updatePlugins check - it's not enough

soos-io · Sep 24, 2024 · 2ac01b8 · 2ac01b8
1 parent b4dfeab
commit 2ac01b8
Show file tree

Hide file tree

Showing 6 changed files with 3 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -66,7 +66,6 @@ The basic command to run a baseline scan would look like:
 | `--projectName` |  | Project Name - this is what will be displayed in the SOOS app |
 | `--requestHeaders` |  | Set extra Header requests |
 | `--scanMode` | `baseline` | Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes) |
-| `--updatePlugins` |  | Update ZAP plugins before running. |
 
 ## Scan Modes
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "soos-dast",
-  "version": "3.0.3",
+  "version": "3.0.4",
   "description": "SOOS DAST - The affordable no limit web vulnerability scanner",
   "main": "index.js",
   "scripts": {

diff --git a/src/index.ts b/src/index.ts
@@ -56,7 +56,6 @@ export interface SOOSDASTAnalysisArgs extends IBaseScanArguments {
   requestCookies: string;
   requestHeaders: string;
   scanMode: ScanMode;
-  updatePlugins: boolean;
   targetURL: string;
 }
 
@@ -241,12 +240,6 @@ class SOOSDASTAnalysis {
       },
     );
 
-    analysisArgumentParser.argumentParser.add_argument("--updatePlugins", {
-      help: "Set to true to update the ZAP plugins before running.",
-      action: "store_true",
-      required: false,
-    });
-
     analysisArgumentParser.argumentParser.add_argument("targetURL", {
       help: "Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
     });

diff --git a/src/utilities/ZAPCommandGenerator.ts b/src/utilities/ZAPCommandGenerator.ts
@@ -57,8 +57,6 @@ export class ZAPCommandGenerator {
     this.addEnvironmentVariable("EXCLUDE_URLS_FILE", this.config.excludeUrlsFile);
     this.addEnvironmentVariable("OAUTH_PARAMETERS", this.config.oauthParameters);
     this.addEnvironmentVariable("OAUTH_TOKEN_URL", this.config.oauthTokenUrl);
-    if (this.config.updatePlugins)
-      this.addEnvironmentVariable("UPDATE_PLUGINS", this.config.updatePlugins);
   }
 
   private generateCommand(args: string[]): string {

diff --git a/src/zap_hooks/helpers/configuration.py b/src/zap_hooks/helpers/configuration.py
@@ -36,7 +36,6 @@ class DASTConfig:
     header: Optional[str] = None
     oauth_token_url: Optional[str] = None
     oauth_parameters: Optional[str] = None
-    update_plugins: Optional[bool] = False
     xss_collector: Optional[str] = None
 
     def __init__(self):
@@ -68,14 +67,9 @@ def load_config(self, extra_zap_params):
             self.header = os.environ.get('CUSTOM_HEADER') or EMPTY_STRING
             self.oauth_token_url = os.environ.get('OAUTH_TOKEN_URL') or EMPTY_STRING
             self.oauth_parameters = self._get_hook_param_list(os.environ.get('OAUTH_PARAMETERS')) or EMPTY_STRING
-            self.update_plugins = os.environ.get('UPDATE_PLUGINS') or False
             self.xss_collector = os.environ.get('XSS_COLLECTOR') or EMPTY_STRING
 
             self.extra_zap_params = extra_zap_params
-            # NOTE: by default, we skip the addon update in case there are breaking changes and our image hasn't been updated yet.
-            if self.update_plugins is False and "-addonupdate" in self.extra_zap_params:
-                self.extra_zap_params.remove("-addonupdate")
-                log(f"Removing plugin update argument.")
             log(f"Extra params passed by ZAP: {self.extra_zap_params}")
 
         except Exception as error: